1.1. We care about your privacy and the security of your personal data (“Personal Data”), so we have developed this Privacy Policy (the “Privacy Policy”) to explain how we process and protect your Personal Data, what rights you have, and other relevant information regarding your data.
1.2. In this Privacy Policy, the term “Personal Data” means any information or set of information by which you may be directly or indirectly identified, such as your name, email address, phone number, etc.
1.3. We process Personal Data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (GDPR) and, where applicable, the California Consumer Privacy Act (CCPA) and other U.S. state and federal privacy laws.
1.4. This Privacy Policy applies when you use our software tools and resources available at https://www.dentacasa.com(the “Platform”), request and use services or features provided on the Platform (the “Services”), visit our website (the “Website”), subscribe to our newsletters, or interact with our social media accounts on LinkedIn, Facebook, Twitter, Instagram, or YouTube (collectively, the “Social Accounts”). It also applies when you contact us via email, phone, or other communication channels, or apply for a job.
1.5. The Platform, Website, and Social Accounts may contain links to external sites (e.g., partner sites, promotional pages). Please note that those sites have their own privacy policies, and we are not responsible for their data practices. We encourage you to review their policies before submitting any Personal Data.
1.6. By using our Services, Platform, Website, or Social Accounts, subscribing to our communications, or contacting us in any form, you confirm your agreement to this Privacy Policy and the described purposes, methods, and processing procedures of your Personal Data. If you do not agree, you must not use our Services or otherwise interact with Dentacasa.
1.7. Capitalized terms not defined in this Privacy Policy shall have the meanings given in the Dentacasa Terms of Use (the “Terms”), any other documentation on our Website or Platform, or the applicable data protection regulations.
1.8. We may update this Privacy Policy from time to time. Updates will be posted on the Website. Your continued use of the Services, Platform, Website, or Social Accounts after such updates signifies your acceptance of the revised Privacy Policy, unless otherwise required by applicable law.
2.1. We are Dentacasa LLC, a private limited liability company registered and headquartered in the State of Wyoming, United States. In this Privacy Policy, references to “Dentacasa”, the “Company”, or “we” refer to Dentacasa LLC, acting as the data Controller of your Personal Data.
2.2. Our company details are as follows: Legal Name: Dentacasa LLC; Legal Entity Type: Limited Liability Company (Wyoming LLC); Mailing Address: 30 N Gould St, Ste R, Sheridan, WY 82801, United States; Email: support@dentacasa.com; Privacy Contact / DPO: privacy@dentacasa.com
2.3. We act as the Personal Data Controller when we offer and provide the Services and Platform, operate our Website and Social Accounts, manage day-to-day business operations, and comply with applicable legal obligations.
2.4. When Dentacasa receives and processes Personal Data on behalf of a Customer (e.g., patient data entered by a clinic using the Platform), we do so strictly under the terms of a Data Processing Agreement (DPA) entered into with that Customer. In such cases, Dentacasa acts as a Data Processor, in line with Article 28 of the GDPR and other applicable data protection laws.
3.1 We collect and process your Personal Data in the following situations:
When you provide it directly (e.g., by registering an account, using the Platform, contacting support, subscribing to updates, or applying for employment);
When it is generated or collected automatically during your use of the Platform, Website, or Services (e.g., usage data, IP address, device details, location, browser type, cookies, URLs clicked, and transaction history).
3.2 We process your Personal Data for contractual, legal, and legitimate business purposes, including the proper provision and improvement of our Services.
3.3. You are responsible for ensuring the accuracy and legality of any Personal Data you provide, including data you submit on behalf of others. If we are contacted by an individual regarding data you have submitted, we may identify you as the data source.
3.4. The table below summarizes key processing activities:
Purpose | Data Categories | Retention | Legal Basis |
Account registration, login, service usage | Name, email, phone, password, business details, billing info, service logs | While account is active + 5 years | Contract (Art. 6(1)(b)), Consent (Art. 6(1)(a)), Legitimate interest (Art. 6(1)(f)) |
Service-related communication & support | Name, email, phone, service logs, submitted tickets or messages | During active support + 5 years | Consent, Legitimate interest |
Billing and payments | Name, billing email, phone, business address, payment data, Stripe transaction metadata | 10 years (regulatory) | Legal obligation (Art. 6(1)(c)), Contract |
Website & platform analytics, device data, cookies | IP address, device type, browser, cookies, session logs | Up to 1 year | Consent, Legitimate interest |
Direct marketing (if subscribed) | Name, email, phone, campaign interaction data | Up to 5 years or until consent withdrawn | Consent, Legitimate interest |
Dispute resolution & legal claims | Name, contact details, submitted complaints, related correspondence | While dispute is active + 10 years | Legal obligation, Legitimate interest |
3.5 When using our Social Accounts (e.g., LinkedIn, Instagram, Facebook), we may view your publicly available profile information depending on your privacy settings (e.g., name, image, email, location). Content you submit on those platforms (e.g., comments, messages) may be visible to other users and is subject to each platform’s privacy policy.
3.6 We may send necessary transactional communications (not considered marketing), such as order confirmations, plan expiry alerts, service changes, system updates, and legal notice updates. These are part of fulfilling our contractual obligations.
3.7. You may update or correct your Personal Data at any time via the Platform or by contacting support. In some cases, we may request that you verify or reconfirm your information to ensure accuracy.
3.8. Dentacasa does not sell, rent, or share your Personal Data with third parties for their own marketing purposes.
3.9. All payment data is processed securely via Stripe, a PCI-DSS-compliant payment processor. Dentacasa does not store or have access to your full card data. For more details, see Stripe’s privacy policy.
3.10. Dentacasa does not intentionally collect or process “sensitive personal information” (such as government IDs, health records, precise geolocation, or biometric data) unless such data is explicitly provided and authorized by our Customers (e.g., clinics uploading patient records). In such cases, processing is conducted strictly on behalf of the Customer and in compliance with applicable data protection agreements and laws.
3.11. System-generated emails to Customers and Users (e.g., onboarding, alerts, security notifications) are sent via MailerSend. Emails sent to patients (e.g., treatment plans) are triggered and authorized by the clinic. Dentacasa acts solely as a technical intermediary in these cases and does not initiate communication to patients on its own behalf.
3.12. Some Service functions may rely on automated decision-making, such as feature access controls or eligibility logic. We do not use profiling that produces legal effects or similarly significant impacts. You may request human review of any automated decision affecting you.
3.13. Dentacasa’s Services are not directed to children under the age of 13 (or under 16 in certain jurisdictions). We do not knowingly collect Personal Data from children without verifiable parental consent. If we learn that we have inadvertently collected data from a child, we will delete such data as soon as possible. If you believe a child has provided us with Personal Data, please contact us at privacy@dentacasa.com.
3.14. If we introduce AI-driven functionality (e.g., form completion or recommendations), we will ensure such features are clearly labeled, and used in compliance with data protection laws. You will have the option to opt out or request human review where applicable.
4.1. We only collect and use Personal Data that is strictly necessary for the specific, legitimate purposes outlined in this Privacy Policy or required by law.
4.2. When processing your Personal Data, we adhere to the following principles:
We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant U.S. and international regulations.
We process your data lawfully, fairly, and transparently, ensuring that you understand how your information is used.
We only collect Personal Data for specified, explicit, and legitimate purposes and do not use it in ways incompatible with those purposes, unless required or permitted by law.
We take reasonable steps to keep your Personal Data accurate and up to date, and we correct or delete inaccurate data as needed.
We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations.
4.3. We do not disclose your Personal Data to third parties except:
as described in this Privacy Policy;
as necessary for the delivery of our Services (e.g., third-party processors like Stripe or MailerSend);
or when required by law.
4.4. We implement appropriate technical and organizational safeguards to ensure the confidentiality, integrity, and availability of your Personal Data. Access is restricted to authorized personnel who require it for legitimate business purposes.
5.1. We transfer your Personal Data only in accordance with this Privacy Policy and applicable law.
5.2. We may share or disclose your Personal Data with the following categories of recipients:
5.2.1. Trusted service providers and business partners, including but not limited to:
Hosting, infrastructure, and IT support providers;
Payment processors (e.g., Stripe);
Email delivery platforms (e.g., MailerSend);
Legal, accounting, tax, audit, or compliance consultants;
Analytics and search engine providers who help us improve platform performance.
All such service providers act as data processors and are contractually obligated to use your Personal Data solely on our instructions and in a manner consistent with this Privacy Policy and applicable data protection laws.
5.2.2. Public authorities, courts, or law enforcement agencies, when required to do so under applicable law, court order, or legal obligation.
5.2.3. Parties involved in business transfers, including:
A buyer or prospective buyer of our business or assets;
Any entity involved in a merger, acquisition, restructuring, or similar transaction involving Dentacasa.
While our infrastructure is primarily U.S.-based, we may process or store Personal Data in the United States, the European Economic Area (EEA), or other jurisdictions where our partners or service providers operate.
International data transfers are carried out with appropriate safeguards to ensure your rights are protected. Specifically:
5.3. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission and/or the UK Information Commissioner’s Office for data transfers from the EEA or UK to the United States and other countries that do not offer an adequacy decision.
5.4. Where applicable, we assess the legal framework of the recipient country and implement supplementary safeguards as necessary to ensure a level of protection essentially equivalent to that in the EEA.
5.5. Your Personal Data may also be transferred with your explicit consent, or where such transfer is necessary for the performance of a contract or for the establishment, exercise, or defense of legal claims.
5.6. You may request more information about international transfers or obtain a copy of the applicable safeguards (e.g., SCCs) by contacting us at privacy@dentacasa.com.
6.1. As a data subject, you have the following rights regarding your Personal Data, subject to applicable data protection laws such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) (as amended by the CPRA):
Right to be informed – to know how and why your Personal Data is collected, used, and processed, including the categories of data and recipients.
Right of access – to obtain confirmation of whether we process your Personal Data, and to access such data and related information.
Right to rectification – to request correction of inaccurate or incomplete Personal Data.
Right to erasure ("right to be forgotten") – to request deletion of your Personal Data, subject to limitations under applicable law.
Right to restrict processing – to request the temporary suspension of processing where accuracy is contested, processing is unlawful, or you object pending verification.
Right to data portability – to receive your Personal Data in a structured, commonly used, machine-readable format and transfer it to another controller, where technically feasible.
Right to object – to object to the processing of your Personal Data based on our legitimate interests or for direct marketing purposes, including profiling.
Right to withdraw consent – where processing is based on your consent, you may withdraw it at any time. This will not affect the lawfulness of processing based on consent before withdrawal.
6.2. If you do not want to receive direct marketing messages, surveys, or promotional content from us, you can opt out at any time by:
Clicking the "unsubscribe" link in the email or message, or
Writing to privacy@dentacasa.com.
6.3. We may refuse to comply with your request (except marketing opt-outs) if we are required to retain the data to:
Comply with legal obligations,
Fulfill contractual commitments,
Establish or defend legal claims,
Prevent or investigate fraud, abuse, or security incidents.
6.4. You may exercise your rights by:
Updating your information directly in your Dentacasa account settings, or
Submitting a written request to privacy@dentacasa.com.
6.5. To ensure data security, we may require you to verify your identity before fulfilling your request. This may involve completing a form or providing government-issued identification.
6.6. We will respond within 1 month of receiving your valid request. If your request is complex or we receive multiple requests, we may extend the deadline by an additional 2 months, in which case you will be notified within the initial 1-month period.
6.7. If you request deletion of your Personal Data, we may retain limited copies:
To fulfill legal obligations,
To resolve disputes,
To enforce our Terms of Use or other agreements.
6.8. Additional Rights for California Residents
6.8.1. If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), including:
The right to know what categories of Personal Data we collect, use, disclose, and sell or share;
The right to request access to the specific pieces of Personal Data we have collected about you;
The right to delete your Personal Data (subject to lawful exceptions);
The right to correct inaccurate Personal Data;
The right to opt out of the sale or sharing of your Personal Data;
The right to limit the use of your sensitive Personal Data (if any);
The right to not be discriminated against for exercising your privacy rights.
6.9. Dentacasa does not “sell” or “share” your Personal Data as those terms are defined by the CCPA/CPRA.
6.10. To exercise these rights, please contact us at: privacy@dentacasa.com.
7.1. With your consent, we may use your Personal Data for direct marketing purposes to provide you with newsletters, offers, and information about our Services, as well as to inquire about the quality of our Services.
7.2. The above content can be sent by e-mail, messages to the phone number specified by you, as well as messages in your account in the Platform. Your contacts may be transferred to our partners who provide us with news sending or quality assessment services.
7.3. After sending such content, we can collect information about the people who received it, for example, which message people opened, what links they clicked on, etc. Such information is collected to offer you relevant and more tailored news and content.
7.4. Even if you have given your consent to the processing of Personal Data for direct marketing purposes, you can easily withdraw this consent for all or part of the Personal Data processing activities at any time. To do this, you can:
7.4.1. notify us of your withdrawal in the manner specified in the provided message (e.g. by clicking on the “unsubscribe” link in the newsletter, etc.); or
7.4.2. send us a notification to the e-mail address specified in this Privacy Policy. If you so request withdrawal of consent, we may ask you to verify your identity.
7.5. If you withdraw your consent, we will try to stop sending such content to you immediately.
7.6. Withdrawal of consent does not automatically oblige us to destroy your Personal Data or provide you with information about the Personal Data processed by us; for these actions you should submit a separate request.
8.1. Your Personal Data are processed responsibly, securely, and are protected from loss, unauthorized use, and alteration. We have put in place physical and technical measures to protect the information we collect from accidental or unlawful destruction, damage, alteration, loss, disclosure, as well as from any other unlawful processing. Security measures for Personal Data shall be determined considering the risks arising from the processing of Personal Data.
8.2. Our employees are under a written obligation not to disclose or distribute your Personal Data to third parties or unauthorized persons.
8.3. We will strive not to store outdated and irrelevant Personal Data. Therefore, when updated (e.g. after adjusting or changing information in your account, etc.), only the relevant information is stored. Historical information is stored if necessary, in accordance with the law or during our business activities.
9.1. We act as Data Processor when we provide Services to our Customers (in this case we process their Lists, receive their campaign’s analytical data, etc.). We receive this Personal Data directly from a Customer or collect it during the provision of the Services and process it to properly provide our Services. Data are processed when we administer the Platform, solve tasks related to the proper functioning of the Platform and similar.
9.2. The Personal Data processed by us as a Personal Data Processor may, among others, include identification and contact data received during the provision of Services (IP address, correspondence, campaign’s analytical data).
9.3. We process Personal Data for no longer than the duration of the agreement between us and the Customer to provide Services unless such data should be processed for a longer period to prove the proper provision of Services.
9.4. We ensure that data trusted to us by the Customers remain private and confidential. We, however, may scan the content of your campaigns to ensure it complies with the Terms and applicable laws. We need to perform such actions to create blacklists, to develop and test algorithms, heuristics and other methods and tools for detecting violations and to apply those methods and tools to the Services. We will not sell, rent, loan, or invite external access to any data trusted to us. We also undertake not to use the Personal Data trusted to us for any other purposes than those specified in the DPA.
9.5. Acting as a Data Processor, we undertake to:
Process Personal Data in accordance with the DPA and only to the extent necessary for the performance of agreement and the provision of Services under it;
Immediately inform Customer if we are unable to process Personal Data for any reason;
Entrust the processing of Personal Data only to authorized persons who have assumed the duty of confidentiality to the extent necessary;
Upon receipt of a request from the Data Subject, the supervisory authority or any other person to provide the processed Personal Data, transmit such request to the Customer;
Not to use Personal Data for purposes other than the performance of agreement and DPA, take measures to prevent accidental or unlawful destruction, alteration, disclosure of Personal Data, as well as any other unlawful processing;
Apply appropriate technical and organizational security measures to protect Personal Data in accordance with the GDPR;
Taking into account the nature of the Personal Data provided, the manner in which it is provided, to enable the Customer to access, correct, delete, restrict and transfer the Personal Data processed by us;
Considering the nature of the processing of Personal Data, the way it is provided, and the technical and organizational measures applied, at the request of the Customer, to assist:
To fulfill the Customer’s obligation to respond to requests to exercise the rights of the Data Subject to the extent that such rights are applied taking into account the Services provided and the conditions for the processing of Personal Data;
To fulfil specific obligations applicable to the Customer under the GDPR or other laws regulating the protection of Personal Data, such as reporting a Personal Data breach, providing information in the context of a data protection impact assessment and prior consultations.
9.6. If, because of an instruction or request submitted by the Customer, we incur additional costs not provided for in agreement between us and the Customer, we will immediately inform the Customer and we may suspend the processing of Personal Data (except storage) until the issue of compensation of additional costs is resolved.
9.7. If we notice Personal Data breaches (actions or omissions that may cause or threaten the security of Personal Data), we will immediately inform the Customer in writing, providing the information required by the GDPR.
9.8. At the Customer’s request, we will provide the information necessary to prove compliance with the applicable Personal Data processing obligations, as well as allow the Customer to perform audits and inspections on our activities while processing data on Customer’s behalf and cooperate in their performance.
We allow the Customer to carry out a verification related to the processing of Personal Data, which is obligated to be carried out by the supervisory authority in accordance with the Personal Data protection legislation. Verification may be carried out only to the extent defined by law and, in any event, the confidentiality of the information obtained during the inspection must be ensured, unless the law requires such information to be made public. We may ask the Customer to reimburse reasonable costs incurred because of such verification.
9.10. Where the processing of Personal Data is not necessary for the performance of our obligations under the agreement or the DPA, or when the contractual relationship between us and the Customer expires, we will destroy or return all Personal Data processed on behalf of the Customer and delete copies of this data, unless otherwise provided for in the applicable laws.
9.11. Liabilities of the Customer:
The Customer ensures that the Personal Data submitted to us for processing is collected and processed lawfully, for legitimate purposes and on the grounds, and the Customer has all necessary consents and the right to transfer Personal Data. The Customer undertakes to properly inform Data Subjects about the processing and transfer of their Personal Data to us. The Customer shall be liable for all damages suffered by Data Subjects due to improper processing of Personal Data by the Customer;
We do not individually verify the lawfulness of the transfer of such data. If any person indicates that Personal Data transferred to us is collected or processed unlawfully, we will immediately suspend the processing of such Personal Data until the Customer denies these circumstances. The Customer bears all the costs and negative consequences associated with such denial, including delays in the supply of Services. We will not be liable for such consequences;
The Customer undertakes to provide the necessary and lawful instructions regarding the processing of Personal Data in a timely and proper manner, as well as all information and documents necessary for the processing of Personal Data. Instructions are provided in writing, including by email or by filling in our prepared forms.
9.12. You can learn more about how we process Personal Data when we act as a Data Processor in the DPA.
10.1. We use cookies and similar tracking technologies (such as pixels, tags, and local storage) to improve user experience, analyze usage, and personalize content. These may include:
Essential cookies for platform functionality;
Analytics cookies (e.g., via Google Analytics) for performance and diagnostics;
Marketing or retargeting cookies, only where consented to.
10.2. You can manage your cookie preferences through your browser settings or, where required by law, via a cookie consent banner on our Website.
10.3. Where required by law, we display a cookie consent banner allowing users to accept or reject non-essential cookies.
11.1. If you have any questions regarding the information provided in this Privacy Policy, please contact us by: Email: privacy@dentacasa.com
11.2. If you wish to submit a complaint regarding our processing of Personal Data, please provide it to us in writing, giving as much information as possible. We will cooperate with you and try to resolve all issues immediately.
11.3. If you are located in the European Economic Area (EEA), you may contact your local data protection authority regarding your rights under the GDPR. Since Dentacasa LLC does not maintain an establishment in the EU, we are not subject to Article 27 representative requirements but will make reasonable efforts to cooperate with EU supervisory authorities if applicable. We strive to resolve all disputes expeditiously and peacefully, so first of all we invite you to contact us.
11.4. All disputes and disagreements arising between us and our Customer while we act as Personal Data Processors shall be settled by negotiation between us. If no agreement is reached within 30 days from the date of receipt of the written notification of the disputed issue, disputes and disagreements shall be settled in the courts of the Republic of Lithuania, in accordance with the law of the Republic of Lithuania. In the event of disagreement between us and the Customer, the guilty party shall indemnify the other party for the direct losses it has suffered. Our liability in all cases shall be limited to the amount payable by the Customer for 1 month of the Services unless liability cannot be limited in accordance with the requirements of applicable law. Loss of Personal Data is considered an indirect loss.
12.1. We may change this Privacy Policy. We will notify you of the changes by placing an updated Privacy Policy on the Website, or by other common means of communication. Additions or changes to the Privacy Policy shall take effect from the date of renewal specified in the Privacy Policy unless another effective date is specified.
12.2. If you continue to use the Platform, the Services, visit the Website, contact us, etc. it is deemed that you have accepted the amended terms of the Privacy Policy.
